- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Anyone have interest in FortiWeb communicating mal...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Anyone have interest in FortiWeb communicating malicious traffic sources to FortiGate?
I've recently deployed an HA pair of FortiGate's and FortiWeb's to protect a web app. I configured the "FortiGate Integration" option on the FortiWeb side, but was disappointed to find that this only communicates quarantined source IP's to the FortiWeb from the FortiGate.
This seems illogical to me given the fact that the FortiGate is capable of processing, and possibly dropping, traffic at a far greater rate than FortiWeb devices, so what is the point of even having such integration; just make the FortiGate drop them. The only reason I can see such a feature existing is for those using the FortiWeb as an outbound proxy, rather than inbound.
The feature I had hoped to see was for the FortiWeb to be able to inform a FortiGate about bad activity and the FortiGate drop those sources for some defined period of time. The FortiWeb has the ability to perform very detailed layer 7 http/https inspection for malicious activity, along with hardware-assisted SSL, but has an order of magnitude less traffic handling than similarly priced FortiGate models.
For example, the FortiWeb 400D, which is not what I'd call inexpensive at $10k+, can only handle 100 Mbps of throughput. Similarly priced FortiGate 600D can handle 24-36 Gbit/sec. If some bad actor who is not on a 'known bad' IP address has a few hundred megabits of bandwidth available, he could just send 200 Mbit of SQL injection HTTPS requests to the web app, FortiGate will happily pass them through all day long while the FortiWeb gets taken down.
Seems completely obvious to me that there should be a feature where FortiWeb says hey, IP 192.0.2.1 has sent <configurable number> of malicious requests, let's tell the FortiGate to drop packets from that source for <configurable number of minutes>. Now you have the 24+ Gbit/sec device mitigating an attack to protect the 100 Mbit/sec device. Anything short of that means to have your web app survive an application attack, particularly if it's distributed, would be to put a $150k FortiWeb model in place behind your $10k firewall. Or, go with a service instead of Fortinet products at all, like Cloudflare. For a couple hundred/month, Cloudflare seems like the way to ago.
I raised these concerns to my sales rep and SE, it made it to FortiWeb product management, the response was no one's ever asked for that so there's no demand and we don't see any reason to do that. I'm guessing this means most users of FortiWeb's are using them as outbound appliances to protect internal users, and not my use case which is protect web apps on the inside from layer 7 attacks?
0 REPLIES 0
Related Posts
- Automatically Ban Malicious Inbound IPs using... 163 Views
- Fortigate 200E HIGH CPU USAGE -... 145 Views
- Can we use a AWS Community... 282 Views
- Threat detected but not blocked -... 230 Views
- Unable to unblock site via category... 572 Views
Labels
-
FortiGate
6,482 -
FortiClient
1,294 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
413 -
5.6
362 -
FortiSwitch
331 -
FortiAP
330 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
149 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
86 -
FortiCloud Products
82 -
FortiToken
69 -
IPsec
69 -
Customer Service
69 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
57 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
18 -
FortiPortal
17 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
FortiAuthenticator
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSID
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSL SSH inspection
5 -
Security profile
5 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
NAC policy
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.